REMARKS 

In view of the following remarks, Applicant respectfully requests 
reconsideration and allowance of the subject application. 



5 Amendments to the Claims 

Claims 1 12, and 25 have been amended as shown above to more 
clearly distinguish between establishing an authenticated session between a 
server and a client; receiving at the server, a request from the client; and 
subsequently re-authenticating the session. 

10 

Rejections to the Claims 
35U.S.C, 103 

Claims 1-3 and 5-29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over United States Patent Application Publication No. 
15 2003/0061288 A1 filed by Brown et al. (herein referred to as "Brown") in view of 
United States Patent Application Publication No. 2002/0019844 filed by 
Kurowski et al. (herein referred to as "Kurowski"). 

Claims 1, 12, and 25 have been amended, rendering the rejection of 
those claims moot. However, Applicant believes that claims 1, 12, and 25 as 
20 amended are allowable over Brown in view of Kurowski. Accordingly, the 
remarks presented below are given with respect to the claims as amended. 
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Applicant's application describes a re-authentication system 
implemented on a server computer system that provides increased security 
without disrupting user workflow in a client-server environment. When a 
request is submitted from the client to the server, the re-authentication system 
5 verifies that the session is secure. If the re-authentication system cannot verify 
that the session is secure, the system persists (e.g., saves or maintains) the 
request and directs the client to re-authenticate the session. When the client 
session is re-established, the re-authentication system directs the server to 
process the saved request, instead of requiring that the request be re-submitted 
10 from the client. (Application, page 2, line 25 - page 3, line 8.) Specifically, 
claim 1 recites a method comprising: 

establishing an authenticated session between a server and a client; 

subsequent to establishing the authenticated session, receiving at the 
server, a request from the client; 
15 subsequent to receiving at the server, a request from the client, 

determining whether the session is still authenticated; 

in an event that the session is no longer authenticated, persisting as a 
pending request at the server, the request from the client; and 

in an event that the session is subsequently re-authenticated, the server 
20 processing the pending request. 

Brown teaches a method and system that provide an accessibility 
gateway to Internet e-mail through the use of a web intermediary server. A 
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request for email from any mail server is sent from the client device to the 
intermediary server. The intermediary server retrieves the requested e-mail 
from a mail server, transcodes the server-based e-mail into a web-based e-mail 
and applies user-defined transformations to the e-mail for accessibility, which is 
5 then sent back to the client device. If the email is from a secure mail server, the 
intermediary server functions as a proxy for the user device to establish the 
requisite secure connection with the mail server. (Brown, Abstract.) 

Kurowski teaches a highly distributed environment where very large 
computation intensive tasks are broken down into thousands of sub-tasks and 

10 then distributed to thousands of clients running on a variety of computers 
across the Internet. The idle CPU time of each of these thousands of client 
computers is used to perform these computations by running custom 
application modules in a low priority. (Kurowski, Abstract.) 

The combination of Brown and Kurowski does not teach or suggest 

1 5 "subsequent to establishing the authenticated session, receiving at the server, a 
request from the client; subsequent to receiving at the server, a request from 
the client, determining whether the session is still authenticated; and in an event 
that the session is no longer authenticated, persisting as a pending request at 
the server, the request from the client; and in an event that the session is 

20 subsequently re-authenticated, the server processing the pending request," as 
recited in claim 1 . 

With referenced to claim 1, the Office states, "Brown discloses directing 
the client to be authenticated in the event the client is not authenticated, but 
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does not explicitly disclose persisting the client request as a pending request at 
the server," (Office Action, page 5.) The Office goes on to cite Kurowski, 
paragraphs [0208] and [0241] as disclosing, "a persistent queue management 
subsystem is used for storing request from a client for the server when 
5 network is down." (Office Action, page 5.) Applicant notes that the Office does 
not contend that Kurowski describes, "persisting as a pending request at the 
server, the request from the client; and in an event that the session is 
subsequently re-authenticated, the server processing the pending request," as 
recited in claim 1 . 

10 Kurowski paragraph [0208] merely provides some background 

information for the reader regarding the use of the term 'Domain Objects" in the 
specification. Paragraph [0208] also includes one sentence that states, "For 
some operations, the domain objects might depend on other subsystems that 
provide a persistence mechanism either to the local disk or to a server." This 

15 merely indicates that the processing performed by the client, which is broken up 
over multiple subsystems may be such that the processing done by one 
subsystem may rely on data previously processed by another subsystem, so a 
subsystem may need to wait, or "persist", until another subsystem has 
performed its processing. 

20 Kurowski paragraph [0234] states that, 'The Task Manager subsystem 

276 is one of the most involved subsystems of the client 200." Kurowski 
paragraph [0241] describes, "some of the major responsibilities of the Task 
Manager," which include, "keeping track of when the network connection is 
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down and then initiating saving of data to the local disk for later sending to the 
Task Server; storing any commands for the Task Server in a persistent queue if 
the network connection is down ; and when a connection is reestablished after 
some time of being disconnected, go through the persistent queue and send all 
5 the things to the Task Server that are pending there." 

The Office further contends that, "It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to implement the 
persistent queue for storing client request to the task server when connection is 
down taught by Kurowski with the teaching of verifying if the client is 

1 0 authenticated before processing the request taught by Brown for the benefit of 
saving the work for the task server to be processed when connection is 
reestablished." (Office Action, pages 5-6.) 

Applicant respectfully points out that the combination described by the 
Office differs significantly from claim 1. While Brown may describe, 

15 "establishing an authenticated session between a server and a client; 
subsequent to establishing the authenticated session, receiving at the server, a 
request from the client; and subsequent to receiving at the server, a request 
from the client, determining whether the session is still authenticated," as 
recited in claim 1 , neither Brown nor Kurowski describe, "in an event that the 

20 session is no longer authenticated, persisting as a pending request at the 
server, the request from the client; and in an event that the session is 
subsequently re-authenticated, the server processing the pending request," as 
recited in claim 1 . Kurowski describes persisting data to be sent to a server at a 



lee@hayes 



15 



110B0e0MSAO86S1.DOC 



client when a network connection between the server and the client is 
unavailable, and then later, when the network connection becomes available, 
transmitting the data from the client to the server. There is no way in which 
Kurowski teaches or suggests, "persisting as a pending request at the server, 
5 the request from the client," because Kurowski is clear that the data cannot be 
sent from the client to the server because a network connection is down. 

In the "Response to Arguments" section of the Office Action, in reference 
to, "in an event that the session is subsequently re-authenticated, the server 
processing the pending request," the Office states that, "The processing of the 

10 request that Applicant recites is after the client is authenticated. Therefore, 
Examiner is interpreting the request as process request directed to application 
server while in Brown the request that WAG received is a request for 
authentication, e.g., login." The Office goes on to state, "The portion where 
Applicant referring to in the Specification appears to referring the request as 

15 directed to request made to the application server, e.g., sending email 
message. Therefore, in light of this interpretation, Examiner is interpreting the 
request taught by Fig. 4a in Brown to be request to be authenticated when it is 
determined that the session has been expired." {Office Action, pages 2-3.) 
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Applicant understands these statements to indicate that the Office feels 
that there is some ambiguity in claim 1 as to whether or not the request that is 
being persisted is a request to be authenticated (or possibly re-authenticated). 
As shown above, claim 1 has been amended to clearly indicate that an 
5 authenticated session is established between a server and a client; 
subsequently, a request is received at the server from the client; and 
subsequent to receiving the request, a determination is made as to whether or 
not the session is still authenticated. Accordingly, Applicant believes it is clear 
that the request received by the server and later persisted as a pending request 
10 is not a request to initially establish an authenticated session between the 
server and the client nor a request to re-authenticate the session. 

Accordingly, claim 1 is allowable over Brown in view of Kurowski, and 
Applicant respectfully requests that the 103 rejection of claim 1 be withdrawn. 

1 5 Claims 2, 3, and 5-11 are allowable over Brown in view of Kurowski at 

least by virtue of their dependency (direct or indirect) on claim 1 . 

Claims 12, 13, 18, 22, 23, 25, and 27 recite elements that are similar to 
those recited in claim 1 . Accordingly, for reasons similar to those stated above 
20 with reference to claim 1, claims 12, 13, 18, 22, 23, 25, and 27 are also 
allowable over Brown in view of Kurowski, and Applicant respectfully requests 
that the 103 rejection of claims 12, 13, 18, 22, 23, 25, and 27 be withdrawn. 
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Claims 14-17 are allowable over Brown in view of Kurowski at least by 
virtue of their dependency (direct or indirect) on claim 13. 

Claims 19-21 are allowable over Brown in view of Kurowski at least by 
5 virtue of their dependency on claim 18. 

Claim 24 is allowable over Brown in view of Kurowski at least by virtue of 
its dependency on claim 23. 

1 0 Claim 26 is allowable over Brown in view of Kurowski at least by virtue of 

its dependency on claim 25. 

Claims 28 and 29 are allowable over Brown in view of Kurowski at least 
by virtue of their dependency (direct or indirect) on claim 27. 

15 

Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Brown in view of Kurowski, and further in view of United States Patent 
Application Publication No. 2002/0023122 filed by Polizzi et al. (herein referred 
to as "Polizzi"). 

20 Claim 4 recites the method of claim 2 wherein the authentication token is 

a cookie stored by the client. 

Polizzi teaches a method and apparatus for processing jobs on an 
enterprise-wide computer system. The computer system uses a portal 
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architecture to allow a user to view a wide variety of content retrieved from a 
variety of different computer systems. (Polizzi, Abstract) 

The Office contends that Brown and Kurowski disclose the method of 
ciaim 2. The Office does not make any suggestion that Polizzi adds anything to 
5 the teachings of Brown and Kurowski with reference to claim 2. Accordingly, at 
least by virtue of its dependency on claim 2, claim 4 is allowable over Brown in 
view of Kurowski, and further in view of Polizzi, and Applicant respectfully 
requests that the 103 rejection of claim 4 be withdrawn. 

10 Conclusion 

Claims 1-29 are believed to be in condition for allowance. Applicant 
respectfully requests reconsideration and prompt issuance of the present 
application. Should any issue remain that prevents immediate issuance of the 
application, the Examiner is encouraged to contact the undersigned agent to 
15 discuss the unresolved issue. 



20 

Dated: jl Io^/oIq 

25 



Respectfully Submitted, 

Lee & Hayes, PLLC 

421 W. Riverside Avenue, Suite 500 

Spokane, WA 99201 




Name: Kayla D. Brant 
Reg. No. 46,576 

Phone No. (509) 324-9256 ext. 242 
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